October 25, 2007 at 2:20 pm
Any one have a handy script to recreate SQL Server roles for SQL 2000?
It must be somewhere.
Thanks,
Vivien
October 25, 2007 at 7:20 pm
Generate Script?:cool:
October 25, 2007 at 7:43 pm
Hope this helps i made the script few weeks ago this script will generate another script of your server/database user log-in and roles. It is in 3 parts: Generate Server Log-ins,Generate Server Roles, Generate database users/roles. As for the password of your server log-in just supplement the password in the section.. run this to the server which will be restored (before restoration)
/****************************************
Script Made by Lester A. Policarpio
For questions and clarifications feel free to email me at
*/
SET NOCOUNT ON
print '--##############################################################'
print '--Generate Script for Server Log-ins'
print '--Supply with your Server log-in password'
print '--##############################################################'
print ''
DECLARE @name varchar(200)
DECLARE @default varchar(200)
print 'DECLARE @login varchar(1024)'
print 'DECLARE @q varchar(1024)'
print ''
print 'CREATE TABLE login'
print '('
print 'names varchar(124),'
print 'pass varchar(124),'
print 'db varchar(124),'
print ')'
--GENERATE SERVER LOG-IN
DECLARE master CURSOR FOR
SELECT name,dbname FROM master..syslogins WHERE name not LIKE '%BUILTIN%' AND name <> 'sa'
OPEN master
FETCH NEXT FROM master INTO @name,@default
WHILE (@@FETCH_STATUS = 0)
BEGIN
print 'INSERT INTO login VALUES ('+''''+@name+''''+','+''' '''+','+''''+@default+''''+')'
FETCH NEXT FROM master INTO @name,@default
END
CLOSE master
DEALLOCATE master
print 'DECLARE logins CURSOR FOR'
print 'select '+''''''''''+'+names+'+''''''''''+'+'','''+'+'+''''''''''+'+pass+'+''''''''''+'+'','''+'+'+''''''''''+'+db+'+''''''''''+ ' AS '+'''LOG'''+ ' FROM login'
print 'OPEN logins'
print 'FETCH NEXT FROM logins INTO @login'
print 'WHILE (@@FETCH_STATUS = 0)'
print 'BEGIN'
print 'SET @q = ''sp_addlogin ''+@login'
print 'EXEC (@q)'
print 'FETCH NEXT FROM logins INTO @login'
print 'END'
print 'CLOSE logins'
print 'DEALLOCATE logins'
print 'DROP TABLE login'
print '--#################################################################'
print '--Generate Script for Server Roles'
print '--#################################################################'
print ''
DECLARE @logins varchar(200)
DECLARE @Default1 varchar(200)
DECLARE @sysadmin int
DECLARE @securityadmin int
DECLARE @serveradmin int
DECLARE @setupadmin int
DECLARE @processadmin int
DECLARE @diskadmin int
DECLARE @dbcreator int
DECLARE @bulkadmin int
DECLARE @master int
print 'DECLARE @login2 varchar(1024)'
print 'DECLARE @w varchar(1024)'
print ''
print 'CREATE TABLE login2'
print '('
print 'names varchar(1024),'
print 'role varchar(3000)'
print ')'
print ''
print ''
DECLARE master CURSOR FOR
select name,dbname,sysadmin,securityadmin,serveradmin,setupadmin,processadmin,diskadmin,dbcreator,bulkadmin
FROM master..syslogins WHERE name not LIKE 'BUILTIN%' AND name <> 'sa'
OPEN master
FETCH NEXT FROM master INTO @logins,@default1,@sysadmin,@securityadmin,@serveradmin,@setupadmin,@processadmin,@diskadmin,@dbcreator,@bulkadmin
WHILE (@@FETCH_STATUS = 0)
BEGIN
--@@@@@@ sysadmin
IF (@sysadmin = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''sysadmin'''+')'
print ''
END
--@@@@@ securityadmin
IF (@securityadmin = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''securityadmin'''+')'
print ''
END
--@@@@@ serveradmin
IF (@serveradmin = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''serveradmin'''+')'
print ''
END
--@@@@@ setupadmin
IF (@setupadmin = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''setupadmin'''+')'
print ''
END
--@@@@@ processadmin
IF (@processadmin = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''processadmin'''+')'
print ''
END
--@@@@@ diskadmin
IF (@diskadmin = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''diskadmin'''+')'
print ''
END
--@@@@@ dbcreator
IF (@dbcreator = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''dbcreator'''+')'
print ''
END
--@@@@@ bulkadmin
IF (@bulkadmin = 1)
BEGIN
print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''bulkadmin'''+')'
print ''
END
FETCH NEXT FROM master INTO @logins,@default1,@sysadmin,@securityadmin,@serveradmin,@setupadmin,@processadmin,@diskadmin,@dbcreator,@bulkadmin
END
CLOSE master
DEALLOCATE master
print 'DECLARE logins CURSOR FOR'
print 'select names + '+''','''+'+ role FROM login2'
print 'OPEN logins'
print 'FETCH NEXT FROM logins INTO @login2'
print 'WHILE (@@FETCH_STATUS = 0)'
print 'BEGIN'
print 'SET @w = ''sp_addsrvrolemember ''+@login2'
print 'EXEC (@w)'
print 'FETCH NEXT FROM logins INTO @login2'
print 'END'
print 'CLOSE logins'
print 'DEALLOCATE logins'
print 'DROP TABLE login2'
print '--#################################################################'
print '--Generate Script for Database Users/ROles'
print '--#################################################################'
print ''
/****************************************
Script Made by Lester A. Policarpio
other parts came from qa.sqlservercentral.com/articles/Administering/listofdatabaseuserswithdatabaseroles/1545/
For questions and clarifications feel free to email me at
*/
DECLARE @dbcomp varchar(1024)
DECLARE @pass varchar(5000)
DECLARE @counter varchar(500)
--This part of script came from
--qa.sqlservercentral.com/articles/Administering/listofdatabaseuserswithdatabaseroles/1545/
DECLARE @dbid varchar(100)
CREATE TABLE DBROLES
( DBName sysname not null,
UserName sysname not null,
db_owner varchar(3) not null,
db_accessadmin varchar(3) not null,
db_securityadmin varchar(3) not null,
db_ddladmin varchar(3) not null,
db_datareader varchar(3) not null,
db_datawriter varchar(3) not null,
db_denydatareader varchar(3) not null,
db_denydatawriter varchar(3) not null,
db_backupoperator varchar(3) not null
)
declare @dbname varchar(200)
declare @mSql1 varchar(8000)
DECLARE DBName_Cursor CURSOR FOR
select name
from master.dbo.sysdatabases
where name not in ('master','tempdb','model','pubs','northwind','DBA','msdb')
Order by name
OPEN DBName_Cursor
FETCH NEXT FROM DBName_Cursor INTO @dbname
WHILE @@FETCH_STATUS = 0
BEGIN
Set @mSQL1 = ' Insert into DBROLES ( DBName, UserName, db_owner, db_accessadmin,
db_securityadmin, db_ddladmin, db_datareader, db_datawriter,
db_denydatareader, db_denydatawriter,db_backupoperator )
SELECT '+''''+@dbName +''''+ ' as DBName ,UserName, '+char(13)+ '
Max(CASE RoleName WHEN ''db_owner'' THEN ''Yes'' ELSE ''No'' END) AS db_owner,
Max(CASE RoleName WHEN ''db_accessadmin '' THEN ''Yes'' ELSE ''No'' END) AS db_accessadmin ,
Max(CASE RoleName WHEN ''db_securityadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_securityadmin,
Max(CASE RoleName WHEN ''db_ddladmin'' THEN ''Yes'' ELSE ''No'' END) AS db_ddladmin,
Max(CASE RoleName WHEN ''db_datareader'' THEN ''Yes'' ELSE ''No'' END) AS db_datareader,
Max(CASE RoleName WHEN ''db_datawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_datawriter,
Max(CASE RoleName WHEN ''db_denydatareader'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatareader,
Max(CASE RoleName WHEN ''db_denydatawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatawriter,
Max(CASE RoleName WHEN ''db_backupoperator'' THEN ''Yes'' ELSE ''No'' END) AS db_backupoperator
from (
select b.name as USERName, c.name as RoleName
from ' + @dbName+'.dbo.sysmembers a '+char(13)+
' join '+ @dbName+'.dbo.sysusers b '+char(13)+
' on a.memberuid = b.uid join '+@dbName +'.dbo.sysusers c
on a.groupuid = c.uid )s
Group by USERName
order by UserName'
--Print @mSql1
Execute (@mSql1)
FETCH NEXT FROM DBName_Cursor INTO @dbname
END
CLOSE DBName_Cursor
DEALLOCATE DBName_Cursor
--Up to this part of script came from
--qa.sqlservercentral.com/articles/Administering/listofdatabaseuserswithdatabaseroles/1545/
DECLARE @db varchar(1024)
DECLARE @name1 varchar(200)
DECLARE @name2 varchar(20)
DECLARE @hasdbaccess varchar(200)
DECLARE @islogin varchar(200)
DECLARE @isntname varchar(200)
DECLARE @isntgroup varchar(200)
DECLARE @isntuser varchar(200)
DECLARE @issqluser varchar(200)
DECLARE @isaliased varchar(200)
DECLARE @issqlrole varchar(200)
DECLARE @isapprole varchar(200)
SET @name2 = '1'
DECLARE cur CURSOR FOR
select dbname,username,db_owner,db_accessadmin,db_securityadmin,db_ddladmin,db_datareader,db_datawriter,
db_denydatareader,db_denydatawriter,db_backupoperator from DBROLES WHERE username <> 'DBO'
OPEN cur
FETCH NEXT FROM cur INTO @counter,@name1,@hasdbaccess,@islogin,@isntname,@isntgroup,@isntuser,@issqluser,@isaliased,@issqlrole,@isapprole
WHILE (@@FETCH_STATUS = 0)
BEGIN
print '--@@@@@'+@name1+@name2+'@@@@@--'
print 'DECLARE @'+@name1+@name2+' varchar(1024)'
print 'DECLARE @'+@name1+@name2+'2 varchar(1024)'
print 'DECLARE @'+@name1+@name2+'3 varchar(1024)'
print 'DECLARE '+@name1 +@name2+ ' CURSOR for'
print 'select name from master..sysdatabases where name IN ('+''''+@counter+''''+')'
print 'OPEN '+@name1+@name2
print 'FETCH NEXT FROM '+@name1+@name2+' INTO @'+@name1+@name2
print 'WHILE (@@FETCH_STATUS = 0)'
print 'BEGIN'
print 'SET @'+@name1+@name2+'2 = @'+@name1+@name2+'+'+''''+'..sp_grantdbaccess '+''''+'+'+''''+@name1+''''
print 'EXEC (@'+@name1+@name2+'2)'
-- @hasdbaccess
IF (@hasdbaccess = 'YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_owner'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @islogin
IF (@islogin ='YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_accessadmin'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @isntname
IF (@isntname = 'YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_securityadmin'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @isntgroup
IF (@isntgroup ='YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_ddladmin'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @isntuser
IF (@isntuser = 'YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_datareader'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @issqluser
IF (@issqluser = 'YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_datawriter'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @isaliased
IF (@isaliased = 'YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_denydatareader'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @issqlrole
IF (@issqlrole = 'YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_denydatawriter'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
-- @isqpprole
IF (@isapprole = 'YES')
BEGIN
print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_backupoperator'+','+@name1+''''
print 'EXEC (@'+@name1+@name2+'3)'
END
print 'FETCH NEXT FROM '+@name1+@name2+' INTO @'+@name1+@name2
print 'END'
print 'CLOSE '+@name1+@name2
print 'DEALLOCATE '+@name1+@name2
SET @name2 = @name2+'1'
FETCH NEXT FROM cur INTO @counter,@name1,@hasdbaccess,@islogin,@isntname,@isntgroup,@isntuser,@issqluser,@isaliased,@issqlrole,@isapprole
END
CLOSE cur
DEALLOCATE cur
DROP TABLE DBROLES
"-=Still Learning=-"
Lester Policarpio
October 25, 2007 at 7:49 pm
And one thing before you apply the result of the script above to the database you already restored you must delete first the orphaned users. Here is the script to delete the orphaned users.
NOTE: please read the comments carefully 😀
/***********************************
Script Made by: Lester A. Policarpio
Any Suggestions and Clarifications feel free
to email me at lpolicarpio2005@yahoo.com
This script will delete orphaned users in all
databases of a certain server
(excluding system databases)
***********************************/
SET NOCOUNT ON
IF EXISTS (SELECT name from sysobjects where name = 'orphaned')
DROP TABLE orphaned
CREATE TABLE orphaned (DBName varchar(500), UserName varchar(250))
DECLARE @db varchar(500)
DECLARE @set varchar(1024)
DECLARE db CURSOR FOR
SELECT name FROM master..sysdatabases WHERE name NOT IN
('master','model','msdb','tempdb','DBA','pubs','Northwind')
OPEN db
FETCH NEXT FROM db INTO @db
WHILE (@@FETCH_STATUS = 0)
BEGIN
--SELECT statement below is from http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=12615
SET @set = 'SELECT UserName = name,'+''''+@db+''''+' as '+'''DBName'''+' FROM '+@db+'..sysusers
WHERE issqluser = 1 and (sid is not null and sid <> 0x0)
and suser_sname(sid) is null
ORDER BY name'
INSERT INTO orphaned(UserName,DBName) exec (@set)
FETCH NEXT FROM db INTO @db
END
CLOSE db
DEALLOCATE db
--Second CURSOR
DECLARE @db2 varchar(500)
DECLARE @db3 varchar(500)
DECLARE @change_login varchar(50)
print 'Orphaned Users are : '
DECLARE db2 CURSOR FOR
SELECT DBName,UserName FROM orphaned
OPEN db2
FETCH NEXT FROM db2 INTO @db2,@db3
WHILE (@@FETCH_STATUS = 0)
BEGIN
SET @change_login = @db2+'..sp_revokedbaccess '+''''+@db3+''''
print '['+(@db3)+']'+' -------------------- in database: '+'['+(@db2)+']' -- lets you view first the orphaned users
--exec (@change_login) --execute this part and it will delete the orphaned users
FETCH NEXT FROM db2 INTO @db2,@db3
END
CLOSE db2
DEALLOCATE db2
DROP TABLE orphaned
SET NOCOUNT OFF
"-=Still Learning=-"
Lester Policarpio
October 26, 2007 at 2:53 pm
Thank you for sharing. A lot of efforts. I thought it could be a simple script to migrate roles.
I used sp_help_revlogin for login migration to another server. But it does not generate sp_addrolemember part.
October 29, 2007 at 6:45 pm
Yeah my scenario is also same as you i searched for many commands that will do the trick but end up making 1 😀
Ohhh 1 thing.... the script i gave you about the delete orphaned users will only take effect for those table who's owner is dbo if the owner is not dbo then i think you will encounter an error if you table setting is set with a different owner i suggests you get a delete orphaned user script in the script section of this site else if all tables are owned by dbo then this script should do the trick (the delete orphaned user script)
"-=Still Learning=-"
Lester Policarpio
October 30, 2007 at 12:48 am
What about this?
How to Script User and Role Object Permissions in SQL Server
By : Bradley Morris
May 14, 2002
http://www.sql-server-performance.com/articles/dba/object_permission_scripts_p1.aspx
G. Milner
October 30, 2007 at 2:09 am
that's a good script you have there gdmilner but in order to script all the users you must run the script in each of the databases and not to mention that you must supplement the database username of each of the databases..... what if you have let's say... hmmm 40-50 databases per server???
"-=Still Learning=-"
Lester Policarpio
November 2, 2007 at 12:14 am
Check if the below script helps.
/* Script by Sugesh */
/*posted @ sqlarticles.com */
set nocount on
Print 'Column Level Privileges to the User:'
select 'grant '+privilege_type+' on '+table_schema+'.'+table_name+' ('+column_name+') to ['+grantee+']'+case IS_GRANTABLE when 'YES' then ' With GRANT OPTION' else '' end from INFORMATION_SCHEMA.COLUMN_PRIVILEGES
Print 'Table Level Privileges to the User:'
select 'grant '+privilege_type+' on '+table_schema+'.'+table_name+' to ['+grantee+']' +case IS_GRANTABLE when 'YES' then ' With GRANT OPTION' else '' end from INFORMATION_SCHEMA.TABLE_PRIVILEGES
Print 'Privileges for Procedures/Functions to the User:'
select 'grant execute on '+c.name+'.'+a.name+' to '+user_name(b.grantee_principal_id)+case state when 'W' then ' with grant option' else '' end
from sys.all_objects a, sys.database_permissions b, sys.schemas c
where a.object_id = b.major_id and
a.type in ('P','FN') and b.grantee_principal_id<>0 and
b.grantee_principal_id <>2 and
a.schema_id=c.schema_id
Cheers,
Sugeshkumar Rajendran
SQL Server MVP
http://sugeshkr.blogspot.com
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply